CVE-2025-26665 is a vulnerability classified under CWE-591, which pertains to sensitive data storage in improperly locked memory. Specifically, the issue exists in the upnphost.dll component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The flaw allows an authorized attacker with low privileges to elevate their privileges locally by exploiting the improper locking of memory that contains sensitive data. This improper memory handling can lead to leakage or unauthorized access to sensitive information, which can then be leveraged to gain higher privileges on the system. The vulnerability has a CVSS v3.1 base score of 7.0, indicating high severity, with the vector indicating local attack vector (AV:L), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the potential for privilege escalation and subsequent full system compromise. The affected Windows 10 Version 1507 is an early release of Windows 10, which is now largely out of support, increasing the risk for organizations that have not upgraded. The vulnerability was reserved in February 2025 and published in April 2025, with no patches currently linked, suggesting that mitigation may require upgrading or applying vendor guidance once available.

For European organizations, the impact of CVE-2025-26665 can be substantial, particularly for those still operating legacy Windows 10 Version 1507 systems. Successful exploitation allows local attackers to elevate privileges, potentially leading to full administrative control over affected machines. This can result in unauthorized access to sensitive data, disruption of services, and the ability to deploy further malware or ransomware. Critical sectors such as government, finance, healthcare, and industrial control systems could face severe operational and reputational damage. The high impact on confidentiality, integrity, and availability means that data breaches, system outages, and compliance violations (e.g., GDPR) are plausible consequences. Since the attack requires local access and has high complexity, insider threats or attackers who have already gained limited access pose the greatest risk. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as exploit code may emerge over time.

European organizations should prioritize upgrading all Windows 10 Version 1507 systems to a supported and patched version of Windows 10 or later. Since no direct patches are currently linked, organizations should monitor Microsoft security advisories closely for updates or workarounds related to this vulnerability. Implement strict access controls to limit local access to trusted users only, reducing the risk of local exploitation. Employ endpoint detection and response (EDR) solutions to detect unusual privilege escalation attempts. Conduct regular audits of systems to identify legacy Windows 10 installations and plan for their decommissioning or upgrade. Additionally, enforce the principle of least privilege to minimize the impact of any successful local attack. Network segmentation can help contain compromised systems. Finally, ensure that all sensitive data is encrypted in memory and at rest where possible, and consider deploying memory protection technologies that prevent unauthorized memory access.